Urgent help - havp problem

elinap
Posts: 10
Joined: 08 Sep 2011 20:29

Urgent help - havp problem

Post by elinap » 14 Sep 2011 19:50

URGENT PROBLEM - internet not working
Everything was working fine... disabled snort on all interfaces, increased swap size, modified renattach...

Now internet not working: on ipcop status nothing shows red, on copfilter havp, privoxy can not be started. This is what I get:
Starting HAVP Version: 0.92
Group does not exist: havp
You need to: groupadd havp
Exiting..
havp is not running
Run the above (groupadd havp), and now get the following:
Starting havp..
ClamAV scanning in havp is enabled
F-Prot scanning in havp is disabled
havp entries in /home/httpd/cgi-bin/proxy.cgi already added
havp entries in /var/ipcop/proxy/squid.conf already added
No configuration change, no squid reconfiguration required
Starting havp
Starting HAVP Version: 0.92
Could not open logfiles!
Invalid permissions? Maybe you need: chown havp /var/log/havp
Exiting..
havp is not running
When I run the above suggestion (chown havp /var/log/havp) it says that havp does not exist. Where (which directory) should I run it?

Please help get it working again.
What happened?
Thanks,
Eli

karesmakro
Site Admin
Posts: 1280
Joined: 09 Dec 2009 21:17

Re: Urgent help - havp problem

Post by karesmakro » 14 Sep 2011 20:21

Can't say for sure what happened! Did you install one of the updates?
The right user and group permissions should be havp:copfilter, which is declared in /var/log/copfilter/default/opt/havp/etc/havp.config
Please check this and set permissions back to havp:copfilter

chown -R havp.copfilter /var/log/copfilter/default/opt/havp

and try to start havp from shell

/var/log/copfilter/default/opt/havp/etc/init.d/copfilter_havp start

and post output.
What do the IPCop services say? Are they running?
Please also post me the output of

cat /proc/sys/fs/file-nr

cat /proc/sys/net/ipv4/netfilter/ip_conntrack_count

Check

top

and

dmesg

on shell and

/var/log/messages

for errors

In addition: yesterday I saw in your messages that there were many mails scanned. How many users do you have behind your Cop?
Do you have 3rd party sigs installed on your machine?

elinap
Posts: 10
Joined: 08 Sep 2011 20:29

Re: Urgent help - havp problem

Post by elinap » 15 Sep 2011 00:24

karesmakro wrote: Can't say for sure what happened! Did you install one of the updates?
The right user and group permissions should be havp:copfilter, which is declared in /var/log/copfilter/default/opt/havp/etc/havp.config
Please check this and set permissions back to havp:copfilter

Nothing that I am aware of happened. Perhaps setting proxy on blue, changing the frequency of anti-virus updates, stopping messages from these updates.

This is what I get when checking group permissions:

root@ipcopIBM:/var/log/copfilter/default/opt/havp/etc # cat havp.config
root@ipcopIBM:/var/log/copfilter/default/opt/havp/etc # ls -l havp.config
-rw-r--r-- 1 havp copfilter 0 2011-09-14 23:00 havp.config

karesmakro wrote:

chown -R havp.copfilter /var/log/copfilter/default/opt/havp

and try to start havp from shell

/var/log/copfilter/default/opt/havp/etc/init.d/copfilter_havp start

and post output.

This is the result:
root@ipcopIBM:~ # chown -R havp.copfilter /var/log/copfilter/default/opt/havp
root@ipcopIBM:~ # /var/log/copfilter/default/opt/havp/etc/init.d/copfilter_havp start
cp: cannot stat `/var/log/copfilter/default/opt/havp/etc/havp.config.backup': No such file or directory
ClamAV scanning in havp is enabled
F-Prot scanning in havp is disabled
havp entries in /home/httpd/cgi-bin/proxy.cgi already added
havp entries in /var/ipcop/proxy/squid.conf already added
No configuration change, no squid reconfiguration required
Starting havp
Starting HAVP Version: 0.92
Could not open logfiles!
Invalid permissions? Maybe you need: chown havp /var/log/havp
Exiting..
havp is not running
root@ipcopIBM:~ #
karesmakro wrote: What do the IPCop services say? Are they running?

I don't understand this: what should I check?

karesmakro wrote: Please also post me the output of

cat /proc/sys/fs/file-nr

cat /proc/sys/net/ipv4/netfilter/ip_conntrack_count

Check

top

and

dmesg

on shell and

/var/log/messages

for errors

Here are the results:

root@ipcopIBM:~ # cat /proc/sys/fs/file-nr
520 114 52275


root@ipcopIBM:~ # cat /proc/sys/net/ipv4/netfilter/ip_conntrack_count
cat: /proc/sys/net/ipv4/netfilter/ip_conntrack_count: No such file or directory


root@ipcopIBM:~ # top
top - 23:06:25 up 8:32, 1 user, load average: 0.00, 0.00, 0.00
Tasks: 69 total, 1 running, 68 sleeping, 0 stopped, 0 zombie
Cpu(s): 50.0% user, 50.0% system, 0.0% nice, 0.0% idle
Mem: 514348k total, 463800k used, 50548k free, 50512k buffers
Swap: 511992k total, 0k used, 511992k free, 170208k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
11278 root 14 0 1052 1052 848 R 99.9 0.2 0:00.24 top
1 root 8 0 572 572 500 S 0.0 0.1 0:03.81 init
2 root 9 0 0 0 0 S 0.0 0.0 0:00.00 keventd
3 root 19 19 0 0 0 S 0.0 0.0 0:00.00 ksoftirqd_CPU0
4 root 9 0 0 0 0 S 0.0 0.0 0:00.07 kswapd
5 root 9 0 0 0 0 S 0.0 0.0 0:00.00 bdflush
6 root 9 0 0 0 0 S 0.0 0.0 0:00.00 kupdated
7 root 9 0 0 0 0 S 0.0 0.0 0:00.00 kjournald
29 root 9 0 0 0 0 S 0.0 0.0 0:00.00 khubd
45 root 9 0 0 0 0 S 0.0 0.0 0:00.00 kjournald
46 root 9 0 0 0 0 S 0.0 0.0 0:00.43 kjournald
88 syslogd 9 0 692 692 592 S 0.0 0.1 0:00.27 syslogd
90 klogd 9 0 1176 1176 576 S 0.0 0.2 0:00.13 klogd
501 root 9 0 484 480 420 S 0.0 0.1 0:00.00 dhcpcd
548 root 7 0 708 708 620 S 0.0 0.1 0:00.01 fcron
553 root 8 0 2252 2252 2064 S 0.0 0.4 0:00.02 httpd
561 nobody 8 0 2628 2628 2256 S 0.0 0.5 0:00.09 httpd
562 nobody 8 0 2624 2624 2248 S 0.0 0.5 0:00.05 httpd
563 root 9 0 1592 1592 1008 S 0.0 0.3 0:00.05 dhcpd
566 dnsmasq 10 0 784 784 676 S 0.0 0.2 0:00.83 dnsmasq
708 root 9 0 1476 1476 1260 S 0.0 0.3 0:00.00 sshd
720 ntp 9 0 1324 1324 1092 S 0.0 0.3 0:00.02 ntpd
771 spam 9 0 1076 1076 896 S 0.0 0.2 0:00.01 p3scan
1011 spam 9 0 123m 123m 1388 S 0.0 24.5 0:56.31 clamd
1012 spam 8 0 123m 123m 1388 S 0.0 24.5 0:00.00 clamd
1013 spam 9 0 123m 123m 1388 S 0.0 24.5 0:00.00 clamd
1121 root 9 0 46828 45m 43m S 0.0 9.1 0:10.11 spamd
1141 spam 9 0 62172 60m 15m S 0.0 12.1 1:00.09 spamd
1142 spam 9 0 46832 45m 43m S 0.0 9.1 0:00.01 spamd
1300 spam 9 0 844 840 692 S 0.0 0.2 0:00.00 proxsmtpd



root@ipcopIBM:~ #
karesmakro wrote: In addition: yesterday I saw in your messages that there were many mails scanned. How many users do you have behind your Cop?
Do you have 3rd party sigs installed on your machine?

Only 2 users, with about 6 different emails from different pop3 servers. All smtp traffic is using one server.
If you mean 3rd party sigs for clamav, then yes: phish.ndb, scam.ndb, msrbl-spam.hd, vx.hdb, securiteinfo.hdb, honeynet.ndb and mbl.db.

Should I perhaps reinstall? And then apply the patch to renattach? Or use a different version?

Thanks again, and sorry for the extra long post...

karesmakro
Site Admin
Posts: 1280
Joined: 09 Dec 2009 21:17

Re: Urgent help - havp problem

Post by karesmakro » 15 Sep 2011 07:57

I thought to take a look inside the havp.config, where the group and user used with havp are declared. The fastest way would be to create a backup of your existing copfilter installation, reinstall it and apply the fix for renattach.
With IPCop services I meant system status for services like web server, proxy and so on.
We can also find out the reason why havp does not start. If so, please post me the following output:

LD_LIBRARY_PATH=/var/log/copfilter/default/opt/clamav/default/lib /var/log/copfilter/default/opt/havp/default/sbin/havp -c /var/log/copfilter/default/opt/havp/etc/havp.config --show-config

elinap
Posts: 10
Joined: 08 Sep 2011 20:29

Re: Urgent help - havp problem

Post by elinap » 15 Sep 2011 11:33

karesmakro wrote: I thought to take a look inside the havp.config ...

This solved the problem.
When I looked for this file (/var/log/copfilter/default/opt/havp/etc/havp.config) it had 0 length.
I copied "some" other file that was in the same location, from a much earlier date (even before the upgrade to the latest copfilter), and the system now works.

This is what is there now:
-rw-r--r-- 1 havp copfilter 15785 2011-09-15 10:26 havp.config
-rw-r--r-- 1 havp copfilter 15784 2010-12-21 21:12 havp.config.orig
When I try to run the command --show-config on the above file, it says:
./havp.config: Permission denied

Should I check it in some other way?

karesmakro
Site Admin
Posts: 1280
Joined: 09 Dec 2009 21:17

Re: Urgent help - havp problem

Post by karesmakro » 15 Sep 2011 12:52

Take a look at the content of havp.config and check these 2 lines:

USER havp
GROUP copfilter

Fix it and try to run the command I posted above.

elinap
Posts: 10
Joined: 08 Sep 2011 20:29

Re: Urgent help - havp problem

Post by elinap » 18 Sep 2011 14:28

Thanks very much.
Everything is working fine now.
No IDS, everything else is on.
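
The checks this thread worked through by hand (a zero-length havp.config, the USER and GROUP it declares, and ownership of the log directory) can be scripted. This is an added example, not part of the original posts or of copfilter; the function names, return codes and the optional passwd/group file parameters are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: preflight checks for the HAVP start-up failures seen in this thread.
# Function names and return codes are illustrative, not part of HAVP or copfilter.

# Print the value of a directive (e.g. USER) from a havp.config-style file.
# Comment lines do not match because their first field starts with "#".
havp_directive() {
    awk -v key="$1" '$1 == key { print $2; exit }' "$2"
}

# havp_preflight CONFIG LOGDIR [PASSWD_FILE] [GROUP_FILE]
# Return codes: 0 ok, 1 config missing or empty, 2 USER/GROUP not set,
# 3 user or group unknown, 4 log directory not owned by USER.
havp_preflight() {
    config=$1 logdir=$2 passwd=${3:-/etc/passwd} group=${4:-/etc/group}

    # A zero-length havp.config was the root cause found in the thread.
    if [ ! -s "$config" ]; then
        echo "FAIL: $config is missing or empty" >&2
        return 1
    fi

    user=$(havp_directive USER "$config")
    grp=$(havp_directive GROUP "$config")
    if [ -z "$user" ] || [ -z "$grp" ]; then
        echo "FAIL: USER or GROUP not set in $config" >&2
        return 2
    fi

    # Matches the "Group does not exist: havp" start-up message.
    uid=$(awk -F: -v u="$user" '$1 == u { print $3; exit }' "$passwd")
    gid=$(awk -F: -v g="$grp" '$1 == g { print $3; exit }' "$group")
    if [ -z "$uid" ] || [ -z "$gid" ]; then
        echo "FAIL: user '$user' or group '$grp' does not exist" >&2
        return 3
    fi

    # Matches the "Could not open logfiles!" start-up message.
    owner=$(ls -ldn "$logdir" 2>/dev/null | awk '{ print $3 }')
    if [ "$owner" != "$uid" ]; then
        echo "FAIL: $logdir is not owned by $user (uid $uid)" >&2
        return 4
    fi

    echo "OK: $config declares $user:$grp and $logdir is owned by $user"
}

# Example call with the paths named in the thread:
# havp_preflight /var/log/copfilter/default/opt/havp/etc/havp.config /var/log/havp
```

Running the check before starting havp separates an empty or damaged configuration from a plain ownership problem, which the start-up messages alone do not distinguish.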
